Known Vulnerabilities for products from Espressif
Listed below are 16 of the newest known vulnerabilities associated with the vendor "Espressif".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Additional devices specifications by Espressif can be found at device.report : Espressif
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-24893 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2022-06-25 | 2022-07-08 |
| CVE-2021-41104 | ESPHome is a system to control the ESP8266/ESP32. Anyone with web_server enabled and HTTP basic auth configured on version 20... | 7.5 - HIGH | 2021-09-28 | 2021-10-07 |
| CVE-2021-34173 | An attacker can cause a Denial of Service and kernel panic in v4.2 and earlier versions of Espressif esp32 via a malformed be... | 7.5 - HIGH | 2021-07-14 | 2021-07-27 |
| CVE-2021-28139 | The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly restrict the Feature Page upon re... | 8.8 - HIGH | 2021-09-07 | 2021-09-09 |
| CVE-2021-28136 | The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of multiple ... | 6.5 - MEDIUM | 2021-09-07 | 2021-09-09 |
| CVE-2021-28135 | The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of continuou... | 6.5 - MEDIUM | 2021-09-07 | 2022-07-12 |
| CVE-2020-16146 | Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.7, 3.2.x through 3.2.3, 3.3.x through 3.3.2, and 4.0.x through ... | 7.5 - HIGH | 2021-01-12 | 2021-01-20 |
| CVE-2020-13595 | The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.0 through 4.2 (for ESP32 devices) returns the... | 6.5 - MEDIUM | 2020-08-31 | 2020-09-08 |
| CVE-2020-13594 | The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.2 and earlier (for ESP32 devices) does not pr... | 6.5 - MEDIUM | 2020-08-31 | 2020-09-08 |
| CVE-2020-12638 | An encryption-bypass issue was discovered on Espressif ESP-IDF devices through 4.2, ESP8266_NONOS_SDK devices through 3.0.3, ... | 6.8 - MEDIUM | 2020-07-23 | 2021-07-21 |
| CVE-2019-17391 | An issue was discovered in the Espressif ESP32 mask ROM code 2016-06-08 0 through 2. Lack of anti-glitch mitigations in the f... | 4.6 - MEDIUM | 2019-11-14 | 2020-08-24 |
| CVE-2019-15894 | An issue was discovered in Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.6, 3.2.x through 3.2.3, and 3.3.x th... | 6.8 - MEDIUM | 2019-10-07 | 2020-08-24 |
| CVE-2019-12588 | The client 802.11 mac implementation in Espressif ESP8266_NONOS_SDK 2.2.0 through 3.1.0 does not validate correctly the RSN A... | 6.5 - MEDIUM | 2019-09-04 | 2019-09-09 |
| CVE-2019-12587 | The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 allows the ins... | 8.1 - HIGH | 2019-09-04 | 2020-08-24 |
| CVE-2019-12586 | The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 processes EAP ... | 6.5 - MEDIUM | 2019-09-04 | 2020-08-24 |
| CVE-2018-18558 | An issue was discovered in Espressif ESP-IDF 2.x and 3.x before 3.0.6 and 3.1.x before 3.1.1. Insufficient validation of inpu... | 6.4 - MEDIUM | 2019-05-13 | 2023-11-07 |
Known software with vulnerabilities from Espressif
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Espressif | Arduino Esp8266 | 2.0.0 |
| Application | Espressif | Arduino-esp32 | - |
| Hardware | Espressif | Esp32 | - |
| Hardware | Espressif | Esp32-d0wd | - |
| Operating System | Espressif | Esp32-d0wd Firmware | - |
| Hardware | Espressif | Esp32-d2wd | - |
| Operating System | Espressif | Esp32-d2wd Firmware | - |
| Hardware | Espressif | Esp32-pico-d4 | - |
| Operating System | Espressif | Esp32-pico-d4 Firmware | - |
| Hardware | Espressif | Esp32-s0wd | - |
| Operating System | Espressif | Esp32-s0wd Firmware | - |
| Application | Espressif | Esp8266 Nonos Sdk | 2.0.0 |
| Application | Espressif | Esp8266 Rtos Sdk | - |
| Application | Espressif | Esp-idf | 0.9 |